Skip to content

Commit

Permalink
N°6282 Fix XSS vulnerability in soap
Browse files Browse the repository at this point in the history
  • Loading branch information
Timmy38 committed Dec 16, 2024
1 parent 32ef639 commit 9ae372f
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions webservices/soapserver.php
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,10 @@

// this file is generated dynamically with location = here
$sWsdlUri = utils::GetAbsoluteUrlAppRoot().'webservices/itop.wsdl.php';
if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
$sServiceCategory = utils::ReadParam($_REQUEST['service_category']);
if (!empty($sServiceCategory))
{
$sWsdlUri .= "?service_category=".$_REQUEST['service_category'];
$sWsdlUri .= "?service_category=".$sServiceCategory;
}


Expand All @@ -43,9 +44,9 @@
)
);
// $oSoapServer->setPersistence(SOAP_PERSISTENCE_SESSION);
if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
if (!empty($sServiceCategory))
{
$sServiceClass = $_REQUEST['service_category'];
$sServiceClass = $sServiceCategory;
if (!class_exists($sServiceClass))
{
// not a valid class name (not a PHP class at all)
Expand Down

0 comments on commit 9ae372f

Please sign in to comment.